13 February 2007, 15:02

Code infiltration using prepared torrent files in µTorrent [Update]

Manipulated torrent files can trigger a buffer overflow in the latest version of the popular BitTorrent client µTorrent. An attacker could infiltrate and execute arbitrary code if a user opens a manipulated .torrent file.

.torrent files may contain 'announce' fields. If the entry is longer than 4800 bytes, an internal µTorrent buffer overflows. A demonstration program, which demonstrates the vulnerability under Windows 2000 and Windows XP with Service Pack 1, has now appeared on the milw0rm exploit archive.

µTorrent 1.6 build 474 is affected, older version may also contain the bug. A new version to fix the problem is not yet available. Users of the µTorrent client should either avoid torrents from untrusted sources or switch to a different BitTorrent client.

Update:

The developers released µTorrent 1.6.1 build 489 which fixes the bug.

Also on The H:

Share this article

Code infiltration using prepared torrent files in µTorrent [Update]

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit